ICBC Standard Bank Plc (ICBCS) is 60% owned by Industrial and Commercial Bank of China and 40% by Standard Bank. ICBCS benefits from a unique Chinese and African parentage and an unrivalled global network and level of expertise.
ICBCS is a leading financial markets and commodities bank, driven to deliver the right outcomes for our stakeholders, clients, counterparties and the markets in which we operate. We deliver products in an environment which considers the appropriate needs of our clients, whilst providing guidance and expertise to ensure our employees understand our business and uphold the highest levels of conduct. We want passionate and talented individuals who are motivated by high growth potential being achieved in doing business the right way.
Headquartered in London, ICBCS also has operations in Dubai, Hong Kong, Shanghai, Singapore, and New York.
This role is within the IT department of a Global Investment Bank. The Technology Risk Officer is part of the Technology Risk team encompassing Technology Risk and Information Security which acts as the First Line of Defence.
You will be responsible for providing oversight of the control environment across various CIO teams in the IT department. You will assess the technology risks across key applications, systems and processes and maintain an understanding of the key areas of risk. You will work in close partnership with other members of the Technology Risk team (Security Operations, Information Security, IT Risk and Logical Access Management) and with the CIO teams to identify appropriate remediation actions to bring any risks identified back to within our risk appetite and then oversee the timely delivery of any remediation work agreed.
- Support the risk governance processes covering the IT teams (control assessments, risk committees, risk acceptances, risk register, risk remediation action tracking)
- Capture and manage risks raised by IT either in response to identified vulnerabilities, incidents or formal controls assessment processes
- Perform application and system control reviews both as part of the change management processes and also as part of a periodic controls assessment program.
- Produce monthly management reporting (MIS) in support of the various activities within the IT risk management governance framework
- Support the Head of Technology Risk in developing the maturity of risk management activities across IT and provide thought leadership as required
- Provide technology controls and risk advice to the IT teams and liaise with other controls experts across the organisation as appropriate (e.g. information security, business continuity)
- Champion best practices for GCC (general computer controls), including change management, identity and access management, SDLC
Experience required to successfully perform the role:
- Professional Qualifications - CISA/RiskIT/CISM/CISSP/CSSLP (Desirable)
- Extensive experience working in IT with a risk or controls focus or in an internal audit function specialising in IT
- Thorough understanding of software development lifecycles (SDLC) and general computer controls (GCCs)
- Excellent knowledge of technology risk and control taxonomies and the industry standard frameworks (COBIT, ISO27001, ISO/IEC 27034, COSO)
- Excellent relationship management and collaboration skills and ability to provide appropriate challenge to IT colleagues on control design and operation and the tracking of any agreed remediation activities
- Deep understanding of audit requirements and ability to provide accurate and timely information to requests
- Understanding of regulation, policy and standards applicable to the technology control environment
- Working knowledge of the Global Markets business